Kuro5hin - Bitter and Hopeful
Dylan Griffiths, known to Kuro5hin users as Inoshiro, gives us the sysadmin play-by-play:
"This started on Sunday night. Basically, I had been over at a friend's place, there had been a storm watch, and he's a ham radio guy. He's a member of Canwatch, which is a volunteer ham radio thing you can do once you get a license. We were out driving around all afternoon. We got home, watched some TV, and dropped me off at home. At that point it was pretty late and I was about to go to bed. Normally, I would just go to bed, but I sat in front of the computer to check out Kuro5hin, and I noticed that there were about nine stories in the moderation queue. I thought that was a bit odd, because we normally get one or two stories at a time, and they get voted on, so they either show up or disappear quickly. I went to the submission queue, and I saw one or two stories posted by people with handles, and the rest were all Anonymous Hero. I initially thought that perhaps some fellow had decided to post a few things on Sunday night so it would be there for Monday morning, because weekend traffic is about half of our weekday traffic. I figured I would just delete the extras. The subject lines for the submissions were all just random strings of text. I didn't know why that would be, so I deleted a couple of them, and noticed that a couple came back. So, I logged into the server and I was going to see if I could block the garbage submissions. I also logged into the IRC channel to see if anyone knew what was going on. That's where people told me about a user named Kano, and how he was angry that his story was voted down so quickly. In the interest of getting the facts, I wanted to block what was going on, and get more of the story. I blocked it, fired off a couple of mails to [Kuro5hin creator] Rusty (Foster), and talked with some of the guys on IRC because on the whole, they're nice people. Kuro5hin has a great bunch of people that helped me and Rusty through this. 
We talked about it, and one of the channel members mentioned that the machine the attacks were coming from looked like it had a bunch of ports open. When I traced it through the whois database, it was a part of a server farm in a hosting company. So, you'd think they'd only have web, and maybe ssh and telnet open for admin purposes, and everything else would be centralized, because that's what you do when you have 400 machines."
The team leaps to action
Inoshiro continues, "Rusty joined the chat on Sunday night, and the IRC channel users banded together. We banned two subnets, and the channel people helped us clean up the submission queue. The box on one of the subnets we banned was obviously cracked. In addition to ftp, ssh and http, they had sunrpc open, nfs, mysql and irc. So, besides the obvious fact that mysql should be open like that and the Sunrpc services, irc is something you don't see on a webhosting farm. I don't think the spammer expected us to block him quite so quickly. It took me about 40 minutes for me to block him because a router between me and k5 went mad and was giving me 3000ms latency. It was the first time I'd actually had to do it. Once it was blocked, that's when the channel helped us clean up. Then, within 20 minutes, it started coming in again. That one was blocked within about ten minutes, and that was a proxy server. Everything else since then has been cracked boxes.
"I got it down to the point where we would see five scroll by, and when we got to the end, I basically ignored everything else I was doing, and blocked submissions as they came in. It wasn't until Monday night that the router between myself and k5 stopped giving us incredibly high ping times.
"I went to bed, and I slept in a little bit. I got up, joined the channel. Since I finished school earlier this month, I talk to people in the channel in the morning because most of the people I know are asleep or have a job. I've been sort of looking for employment recently, but I've been spending a lot of time working on k5. I usually talk to them in the channel, because Rusty was gone for two weeks and I was the only admin around. I'd been spending more time just talking to people. We had a bit of a chat, a few people proposed ideas about who they thought might have done it. Nothing was really resolved. Then I noticed that there was more stuff coming in the queue. I contacted Rusty at work, and he joined the IRC chat, and we talked about it. We spent Monday getting some of the scoop developers to disable anonymous story submissions, then we added logging to a bunch of things. Basically, Monday was the day when we were babysitting k5. The poster would switch their submission to a new cracked box. I was watching the output of the log and ipchains the subnet, look up the person responsible, and cc: it to Rusty. The people Rusty used to work for, intes.net, offered legal support. They've been really great about it because even though Rusty doesn't work for them anymore, they were still hosting the box until we get it all moved."
On Tuesday, the system abuse continued not only in the submission queue, but also in the commenting system used by readers to share their feelings or concerns about news items that Kuro5hin posts throughout the day.
More from Inoshiro: "I mailed [Slashdot Founder] Rob (Malda) on Tuesday morning, and I wasn't sure how he'd take it. Usually his replies are given out with as few words as possible. After a couple of replies, we were sending 8 or 9 paragraphs back and forth all day. He suggested a few things, and Rusty said he didn't realize it could have gotten that bad so quickly. My buddy from Sunday came over, and I was watching Kuro5hin and he was helping me set up networking booting with an OpenBSD box I have here. It was ten o'clock, and we went to watch The Simpsons. While we watched, the guy had just been spamming the server more. He started spamming about fifteen minutes after we went to watch The Simpsons. How could someone do this? This is like proving a windshield is made of glass by smashing it."
So, at three in the morning at the Villa Hotel in San Mateo, Rusty Foster, Kuro5hin's creator, replaced his website with a black page telling the story of the denial of service attacks. I got a chance to speak to Rusty today while he was in his office at OpenSales.
Rusty said, "Today I'm bitter and hopeful. Yesterday I was bitter and depressed. It bothers me a lot, is the best I can put it."
The fact that Kuro5hin is entirely volunteer-run, added to the fact that they've got an active IRC presence and die-hard fans, lends itself to community building. People read Kuro5hin, post comments, and share their feelings and criticisms with people around the world. In the end, the Kuro5hin staff is resolved to not let the misguided destruction of one incident destroy the community they have built from the ground up.
"I think that we will get the site back up," Rusty said. "It will not be entirely the same as it was before. Anonymous access is gonna go. That's all there is to it. There's a place for anonymous access and I'm all for free speech, but there's also got to be a place for real people who will stand up and identify themselves, more or less. We're not even asking for identities, we're asking people to create a pseudonym and use it. Slashdot pretty much has the market cornered on free and open access, and I'm a lot more impressed now with the crap you put up with."
"I'm aiming for a month. I'm leaving in August to go to Italy, and then immediately after that, my sister's getting married. I won't be back here with reliable access until the middle of August. There are a bunch of great developers that work on the code, and I'm going to put together a list of things that need to be done. Knowing them, they'll probably do most of them. Whatever remains, I'll do when I get back, and then we will re-launch amid great fanfare. I got a lot of great E-mails from people supporting the site, and a lot of them supporting my decision to close it until we've taken care of the problem, and I would like to thank them collectively for all their support, making me feel better, and inspiring me to actually get the site back."
Update: 07/26 08:59 PM by CT : Just wanted to throw my 2 bits in... VA Linux Systems is gonna help with some hardware since the Kuro5hin system really was struggling to keep up with their existing hardware. That doesn't address the spam attacks which we've also spent quite a bit of time discussing. I'm personally finding this really interesting since I've gone through it all with Slashdot over the years, and seeing it done to someone else with the benefit of hindsight and experience is quite interesting. The frustration you feel when something you work so hard on is screwed with by troublemakers is hard to describe: especially when you're just a volunteer. Slashdot wouldn't have survived that stage without help from a lot of people... Best of luck to you guys, and I hope to see ya pull through this.
We want to HELP k5, not steal what makes it different...
I see that they've noticed a number of cracked boxes used in the attacks, but if *I* were the victim of something like this I would be on the phone in a second to the people running the networks of these cracked boxes. An on-going attack like this is typically very easy to spot from a network point of view, and with some competent admins, you can go from there straight back to the source.
I mean it may take a few times (if the box is vulnerable, sure there's an increased likelihood of a lack of clueful administration) before you'll find someone that can help you, and if they're bouncing between multiple hops, it'll mean coordinating or conferencing phone calls, but it CAN be done.
The reason script kiddies get away with shit like this is because nobody ever takes the time and effort to track them down and prosecute. Since nobody does it, the l33t0 hax0r kiddies figure they're invincible and keep right on doing it.
The tools DO exist to track them down. There's always a trail if you can just find admins willing to help you every hop of the way. Given the nature of the attack, he's probably using the cracked machines solely for their unique network addresses, not as a means of hiding his identity. Given the number of such hosts, it should have been trivially easy to find SOMEONE willing to track this asshole back to his ISP.
Agreed.. k5 referred to 'the other guys' but it was never all that harsh.. It was a little friendly competition. Slashdot is a big dog, you've gotta expect k5 to give them shit when they can.
start by banning ACs I would have argued with you before trying to moderate. ACs seem like a way to be inclusive and bring in fresh and new ideas. Yet I was astounded at what I saw at -1. The waste. Most definitely less than uplifting.
Apparently this script was used to spam K5, and the guy that created it has a web site, although it offers no explanation on WHY they did this. Maybe having the script will help you block it. The address of the script was posted as another anonymous message in this thread.
He claims he was inspired by Slashtroll, a similar script for trolling Slashdot. The author of Slashtroll (zk65) removed the program after seeing what happened to K5, and posted a message here.
I think this was mentioned in the other story, but it's such a good idea that it bears repeating here.
How about making kuro5hin based on a trust metric?
Here's how it might start out. rusty and Inoshiro and a few trusted others (perhaps loyal kuro5hin readers) would start off as the web of trust. As people begin to submit stories and get them moved to the front page, they can get "moderated" up to be trusted to submit reasonable stories. Perhaps as people gain trust, they can have their stories moved to the front page faster. Presumably, these same people would eventually be included in the trust web and extended "moderation" privileges. And soon you would have enough people that the load would be distributed evenly.
Of course, there could also be an increasingly (exponential) penalty for submitting crap, eventually cumulating in the banishment of the user/IP from submitting stories for some amount of time. If the banishment is not for all time, then the trust would have to be slowly extended back to this person. This would hopefully prevent cyclical occurrences of spammation.
I think this preserves the idea of kuro5hin, allowing the community to decide what gets posted, while limiting the community to something reasonable. The same idea could even be applied to comments as well, to prevent people from screwing the comment queue as well.
Thinking of it in Slashdot terms, for those of you who are die-hard Slashdot fans, the trust web is akin to karma.
I really miss kuro5hin. This was the first idea that popped into my head for fixing things.
What do people think?
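One way the proposal above could be modelled, as an added example that is not part of the original comment or of Scoop: seeded trusted users, trust earned from accepted stories, and a ban that doubles with each spam verdict. Every name, threshold and duration in it is an assumption chosen for illustration.

```python
"""Toy model of the trust-web proposal (added illustration, not Scoop code)."""
from dataclasses import dataclass

# Every constant below is an assumption chosen for illustration.
MODERATE_AT = 3.0     # trust needed to vote on queued stories
FAST_TRACK_AT = 6.0   # trust at which stories would reach the front page faster
BASE_BAN_HOURS = 1.0  # length of the first ban; doubles with each offence


@dataclass
class Member:
    trust: float = 0.0
    offences: int = 0
    banned_until: float = 0.0  # hours on the model's clock


class TrustWeb:
    def __init__(self, seeds):
        # The seed users start fully trusted, as the comment suggests.
        self.members = {name: Member(trust=FAST_TRACK_AT) for name in seeds}

    def _get(self, name):
        # Keys are account names here; the comment also suggests keying by IP.
        return self.members.setdefault(name, Member())

    def can_submit(self, name, now):
        return now >= self._get(name).banned_until

    def can_moderate(self, name, now):
        m = self._get(name)
        return now >= m.banned_until and m.trust >= MODERATE_AT

    def story_accepted(self, name):
        # Trust is extended back slowly: a member with n past offences
        # earns only 1/(1+n) per accepted story.
        m = self._get(name)
        m.trust += 1.0 / (1 + m.offences)
        return m.trust

    def story_flagged_as_spam(self, name, now):
        # Trust is wiped and the ban doubles each time: 1 h, 2 h, 4 h, ...
        m = self._get(name)
        m.offences += 1
        m.trust = 0.0
        ban = BASE_BAN_HOURS * 2 ** (m.offences - 1)
        m.banned_until = now + ban
        return ban


def replay(web, events):
    """Apply (hour, user, verdict) events; return submissions refused by a ban."""
    refused = []
    for hour, user, verdict in events:
        if not web.can_submit(user, hour):
            refused.append((hour, user))
        elif verdict == "accepted":
            web.story_accepted(user)
        elif verdict == "spam":
            web.story_flagged_as_spam(user, hour)
    return refused


# Constructed event stream: (hour, user, community verdict).
SAMPLE_EVENTS = [
    (0, "alice", "accepted"),
    (0, "mallory", "spam"),       # first offence: banned until hour 1
    (0.5, "mallory", "spam"),     # refused, still banned
    (1, "mallory", "spam"),       # second offence: banned until hour 3
    (2, "alice", "accepted"),
    (2.5, "mallory", "spam"),     # refused, still banned
    (3, "mallory", "spam"),       # third offence: banned until hour 7
    (4, "alice", "accepted"),     # alice reaches MODERATE_AT
    (8, "mallory", "accepted"),   # earns only 1/4 after three offences
]

if __name__ == "__main__":
    web = TrustWeb(["rusty", "Inoshiro"])
    print("refused:", replay(web, SAMPLE_EVENTS))
    for name, member in web.members.items():
        print(name, member)
```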
The level of clue on Slashdot has dropped exponentially for the last several months (at least). I don't care about all the morons who post on Slashdot. I can ignore them even when browsing at -1.
But, I don't want them picking the stories I read.
Looks like this script kiddie is turning his attention on to other sites using scoop as well.
Although I didn't see any problems on it earlier this week, Scoop.kuro5hin.org has been under attack all day.
--
Be insightful. If you can't be insightful, be informative.
If you can't be informative, use my name
I don't have Rusty's email address, but I would also be willing to donate.
Additionally, I intend to be unemployed for a couple of weeks in August, and would happily volunteer time to do grunt coding work, etc, if they need it.
Robert West
aphrael@nospam@burble.org
I agree with all of this except the comments about fluffy grue and spiralx. They were both very good members of the K5 community. Yes, they have both trolled here, which sucks. I'm pretty sure fluffy stopped. Anyway, neither of them, to my knowledge, were ever conspiracy-prone types, and overall, these are not the people we should be worrying about. But yes, other than that, hear hear.
--
There is no K5 cabal.
I am not the real rusty.
"What part of Gestalt don't you understand?"
I find the whole thing confusing.
*wink*
It's because they let geeks run the site unfettered, they need to get some suits to sit in their big chair and anticipate such things.
Blender And Linux Fan
The trouble with a site like ebay, hotmail, or amazon (or even slashdot) is that they have companies making money off of them - and thus, if you try to take them down, you will have a VERY competent and well-paid legal team after your ass. It's much safer to find a site that a lot of people give a lot of emotional, as opposed to financial, investment to, and destroy THAT - you'll piss off nearly as many people (which is really the point, isn't it?), but there's far less of a risk of retribution.
-Hentai [in vita non pacem est]
They have exactly what you need.
DNA just wants to be free...
Maybe, had I interpreted it the way you did, I wouldn't have been so harsh, but the fact still remains. JonKatz is always advocating geeks to act rather than sit on their asses (Take "Shut down Metallica, not Napster" by JK). JK is usually extremely verbose. Why doesn't he give some suggestions as to how we can help K5 or what he's doing to help?
I think we both have points here. I apologize that I may have misinterpreted his original post. If I had read it differently, I wouldn't have been so harsh, but I'd still raise the same point.
kwsNI
I was in a great mood yesterday until this happened. I'd just had my first story ever accepted by Slashdot (The Interbase one), I had an interesting job interview, and then K5 goes down.
I read K5 more than Slashdot these days, and post a lot more on there. I try and submit a story or two a week, and I have great fun there.
I had this great book review (of "The Forever War" by Jon Haldeman - great book, possibly the best '70s Hard SciFi I've ever read) half typed up. I log on, and I saw the submission queue with 25 entries. I think "Oh shit.. They are trolling K5" - sure enough, that's what it was.
Why would someone do this? I never understood people doing it on Slashdot, either. Once in a while, a good hand written troll is funny because of the reaction, but script-trolling? Why? Everyone knows you can do it - there is no challenge.
Anyway. I'm going to do something about it. I'm offering a $200 reward (that's Australian $s) in the event of someone turning the K5 troll in, and successful legal action being taken.
Sure, it's not a huge amount, but I hope a few others will do the same, and we'll see what happens. Yes, I'm serious.
I wouldn't have made the request if the pricing and quality weren't competitive -- they were and are.
D
----
The server would still choke processing the data. Even if it's discarding the posts, they would still be walking the wire with the data. If you read the article, what they were having to do, is monitor the incoming stuff, and see where it was originating. Then connect to the router and block the IP address there.
Even then, the pipe between your router, and the internet can be clogged, depending on how fat it is. I suppose it could be theoretically scripted so that it monitors incoming traffic at the server, and when it has a suspected spam attack happening, it logs into the router, and blocks the address or subnet that the attack is originating from. I'd be a little squeamish about my webserver having that kind of control over my router tho.
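The monitoring half of the idea above, as an added example that is not part of the original thread or of Scoop: it counts anonymous story submissions per /24 in a sliding window and returns subnets for an admin to review, leaving the router untouched. The log format, thresholds, allowlist and documentation-range addresses are assumptions constructed for illustration.

```python
"""Flag subnets flooding a story queue (added illustration, not Scoop code).

Assumed log format, one event per line in time order (constructed):
    <ISO timestamp> <client IP> <username, or '-' if anonymous> <action>
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

WINDOW = timedelta(minutes=10)  # assumption: sliding window length
THRESHOLD = 5                   # assumption: anonymous posts per window per subnet
ALLOWLIST = (ipaddress.ip_network("192.0.2.0/24"),)  # assumption: admins' own range

# Constructed sample log; all addresses are documentation ranges.
SAMPLE_LOG = """\
2000-07-23T23:40:01 198.51.100.7 - submit_story
2000-07-23T23:40:09 198.51.100.7 - submit_story
2000-07-23T23:40:30 203.0.113.20 alice submit_story
2000-07-23T23:41:02 198.51.100.9 - submit_story
2000-07-23T23:41:40 198.51.100.7 - submit_story
garbled line without enough fields
2000-07-23T23:42:15 198.51.100.9 - submit_story
2000-07-23T23:42:50 198.51.100.7 - submit_story
2000-07-23T23:43:00 203.0.113.20 - submit_story
2000-07-23T23:58:00 203.0.113.20 - submit_story
2000-07-24T00:20:00 203.0.113.20 - submit_story
2000-07-24T00:21:00 192.0.2.5 - submit_story
2000-07-24T00:21:10 192.0.2.5 - submit_story
2000-07-24T00:21:20 192.0.2.5 - submit_story
2000-07-24T00:21:30 192.0.2.5 - submit_story
2000-07-24T00:21:40 192.0.2.5 - submit_story
"""


def parse_line(line):
    """Return (timestamp, ip, user, action), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (datetime.fromisoformat(parts[0]),
                ipaddress.ip_address(parts[1]), parts[2], parts[3])
    except ValueError:
        return None


def subnet_of(ip):
    """Group by /24 (IPv4) or /64 (IPv6) so neighbouring hosts count together."""
    prefix = 24 if ip.version == 4 else 64
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def find_flooding_subnets(lines, window=WINDOW, threshold=THRESHOLD,
                          allowlist=ALLOWLIST):
    """Map each flagged subnet to its peak anonymous-submission count per window."""
    recent = defaultdict(deque)  # subnet -> timestamps still inside the window
    flagged = {}
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue             # skip lines that do not parse
        ts, ip, user, action = event
        if action != "submit_story" or user != "-":
            continue             # only anonymous story submissions count
        if any(ip in net for net in allowlist):
            continue             # never suggest blocking the admins themselves
        net = subnet_of(ip)
        q = recent[net]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()          # drop events that fell out of the window
        if len(q) >= threshold:
            flagged[str(net)] = max(flagged.get(str(net), 0), len(q))
    return flagged


def review_list(flagged):
    """Render suggestions for a human to check; nothing is blocked automatically."""
    return [f"REVIEW {net}: {count} anonymous submissions inside one window"
            for net, count in sorted(flagged.items())]


if __name__ == "__main__":
    for row in review_list(find_flooding_subnets(SAMPLE_LOG.splitlines())):
        print(row)
```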
"Politicians are interested in people. Not that this is always a virtue. Fleas are interested in dogs." P.J. O'Rourke
Soon, we would see newspapers and ignorant print media lamenting about "hackers" launching dos attacks against sites who support open speech and even get away with a couple of snide remarks on how these sites were in turn lauding hackers and blah..blah..blah.
I wish these guys would identify those script kiddies and wipe the floor with their ass. I was looking at the "Know thy enemy" article on rootprompt.org and it's quite interesting to see the type of people who do this, and who profess to be hackers. I could imagine "nothing to do" 14 yr old kids, morons who have no better job to do, and people who are trying to prove to the world that they could make an impact on this economy and the internet that fosters it, by bringing it down. Though I would respect the meticulous manner in which some of these attacks are organised, I would definitely love to see them go down. It doesn't make the world a better place, coz there would be still a lot of them out there and you could only do so much.
Slashdot, for one, needs to make a clear definition as to what's right and what's wrong. If we tell the future generations that pirating is ok, trading pirated software is ok, then there's nothing stopping them from resorting to dos attacks like this, just because they believe what they do is true. This is a never ending question and there's no clear cut answer as to what's right or wrong. The line is thin and it borders on the consciousness of us human beings. Most of the times, we are so hard to identify what's right or wrong. What's right? Is trading pirated software right thing to do? Is napster evil? Or is it the Music Industry who is licking their fingers? Who is the winner and who's the loser? There are no clear rules in this game. As long as there are people who believe that the laws of the land don't apply to them, and they could do what they please, we would see more of this. And if they are careful enough to cover their tracks, like anonymous cowards, they would keep on doing it. But the question that begs attention is, are we right in condemning them? Are we better off than these script kiddies??
This is not a flame Bait. I wish we could all debate on this.
Rapid Nirvana
Considering what others have said on the subject of Script Kiddie Psychology, it figures that these kids would attack those in a position to make compare favourably to them.
It struck me that this point of view is essentially identical to that of the schoolyard bully who picks on smart kids, because everyone is always telling him he's not smart (for example).
Still, I find it strange that these kids would want to attack someone who may be a fellow IT peer a few years down the track. All depends on who you feel most threatened by, no? The schoolyard bully sees more threat in the nonviolent academic kids than in the schoolyard principal.
Anyway, I don't want to start generalizing. I am only talking about this particular instance of the scriptkiddies.
--
NO TOUCH MONKEY!
How can you know you don't like it before you read it, heh?
I think that's one of the nice aspects of moderation, if an anonymous person posts something interesting, it's usually modded up.
Just my .02
One shall speak only if what one has to say is more beautiful than silence
Puh'leeze... we're out here
Okay... I'll do the stupid things first, then you shy people follow.
[Zappa]
K5 Troll || Beware the blackhole
This is obviously the software that is being used to do this. If anybody wants the announcement, it was posted on sid=slashcode. This seriously angers me, that someone should take it to this extent. I admit I've done crap to slashdot but seeing what I can do I've stopped developing sTs and put an explanation why on slashtroll.tripod.com
It pisses me off that someone should take a whole website down
Last time I wrote to him, his email address was rusty@kuro5hin.org
This is exactly why I'm proud to be a VA Linux customer. I got my company to invest in a dual PIII/700 system with RAID and 1GB RAM, and it's worked perfectly, without flaw. I'd warmly endorse them any day of the week, for that and the excellent support they give back to the Linux community.
D
----
K5 Troll Developer
I will gladly accept donations on behalf of k5.
j/k
On a serious note, I want to reiterate that it's great to see everyone rallying together like this. Where exactly are the k5 staff located? That information may help out in letting you know what we can do to help. If you're in the Chicago area, I know a great bunch that would love to assist you guys. Since you aren't necessarily going to be able to go through all your mail, I thought it would be an idea to post that here.
Dissenter
"There is no knowledge that is not power."
Slashdot and kuro5hin were at war - the only people who believed this were the pathetic slashdot trolls like spiralx and fluffy grue(who wants DDoSed slashdot) who were always pushing the conspiracy theory edge.
Not to put too fine a word on it, but bollocks. I've never believed /. and k5 were at war or even in competition, it's obviously not the case to anyone with half a clue about either site. A few sly jokes was about the most it ever got to.
I like kuro5hin and I read it every day during the week whilst I'm at work. I don't post that often, but I do when I've got something to say. I haven't trolled k5 and I won't troll k5, because it simply doesn't have the knee-jerk crowd /. has.
You need to calm down and stop throwing blame around. I don't think anyone really thinks /. attacked kuro5hin.
Rusty pulled K5 "because I didn't want my name associated with what was showing up on the site". The issue was discriminating signal from noise. At a certain point, things reached the level of crashing scoop.k5.org, but this wasn't the initial or principal problem.
The problem is that IP-based blocking only works against finite IPs. In this case, the attacks were coming from a relatively small number of sites, but things kept escalating beyond the ability of the K5 volunteer staff to deal with them.
Yes, chokepoint DoS is a possible attack, but the weblog was choking on poor quality data long before that.
What part of "Gestalt" don't you understand?
Scope out Kuro5hin
Are you kidding? It's one of the best marketing moves they could have made. You can't buy publicity like that. Even if they weren't really nice guys they'd probably be doing it for the free advertising.
You're probably right, but that goes for any good deeds a company does. And usually, people get suspicious no matter how altruistic you are. Coors got in trouble for giving a hundred thousand dollars to a gay rights group with their community because the owners sometimes give money to conservative groups, too. Coors is one of the best places you can work if you're g/l/b, but get branded as an 'enemy' anyway.
I think you are totally correct when you say that this is a great move from a marketing standpoint, but I also get really annoyed when people get all suspicious of 'big corporations'. People don't seem to have any rational basis for their anti-company bias, other than something they heard on TV or in a movie.
Then you get companies like VA, which is filled with people who work their asses off to make great products, and they get jumped on. It is this kind of anti-corporatism bias which leads to script kiddie vigilantes. K5 was a volunteer effort, but the same principle applies: you get punished for being successful and useful for thousands of people.
With all that said, now that I think of it, everyone who reads K5 who would buy VA stuff probably already does. It isn't like they need more visibility or Open Source community legitimacy.
Ok, now I probably shouldn't get myself into this, but aren't you effectively doing the same sort of thing that happened to Kuro5hin? I mean, here we have a poster you don't like. That's fine. Perhaps there's something not to like. But it sounds to me that you're subverting the moderation scheme beyond what it is intended to be to pursue a personal vendetta. Is that really any different from people subverting the internet to pursue personal vendettas?
If a post is overrated, yeah, moderate it overrated. But don't decide that just because you don't like a poster, the rest of us should have to wade through whiny complaints or miss posts moderated purely for dickish motives.
The internet would be a much better place if people would just take a fucking pill and chill out. And that includes both the people with the anti-Kuro5hin vendetta and a lot of Slashdot posters.
All the complaints about karma-whoring are far more annoying than the karma-whoring is in the first place.
The cake is a pie
It is sad enough that one of the most interesting online discussions I've had in a while has been lost due to kuro5hin going down but now to see people cheapen the memory of the site in a CHEAP attempt to karma whore and seem deep is just too disgusting for words.
To all the idiots who think slashdot had something to do with this I'd like you to consider your words in this light...
- Slashdot and kuro5hin were at war - the only people who believed this were the pathetic slashdot trolls like spiralx and fluffy grue(who wants DDoSed slashdot) who were always pushing the conspiracy theory edge.
- Michael has posted to kuro5hin several times and the other slashdot authors read it as well. CmdrTaco offered rusty help and gave advice on how to deal with the DDoS attempts several times. The only people who have ever believed they are at war are the small-minded people who can not like two things at once, who must always believe something has to be one "hip", "cool" or "in" thing to do or like. These people have been spreading disinformation, malice and discord simply because they have nothing better to do with their time. They are quite similar to the "Redhat wants to be the Linux monopoly" idiots but only this time, they are posting their drivel at an inopportune moment.
Frankly this entire affair has deeply shaken my faith in human nature. There I was thinking that online I'd find a community of like-minded intellectuals who I could share and discuss ideas with that I couldn't find In Real Life. Instead one community turns out to be as full of petty, small-minded individuals as my hated highschool was while the other has probably been destroyed forever by some immature individual because his story on masturbation was rejected by the community. I gotta go I've got a Physics test in an hour. I will say this though, if anyone wants to start another kuro5hin and needs an extra pair of hands mail me.
It was ten o'clock, and we went to watch The Simpsons. While we watched, the guy had just been spamming the server more. he started spamming about fifteen minutes after we went to watch The Simpsons. How could someone do this?
Damn right! Doesn't this cracker have any sense of cultural literacy? I bet he watches the Home Shopping Network for fun.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
All the boxes used were cracked...gotta contact the owners of those boxes who are prolly cowering in fear right now.
-Davidu
# Hack the planet, it's important.
Bear in mind that I am not trying to flame slashdot, obviously I like it or I wouldn't read it. But most of these problems I see in the middle of the night (eastern time, 2 or 3 am). You have to wonder then because you KNOW they aren't getting nearly as many hits as they are getting at 11 or 12 am. That's all. I do love /. and if I was a coder I would contribute, but I'm not so I suggest instead.
And true /. is not in the same league as Yahoo, but I consider it to be a lot larger than my friend from college's site, and they have a LOT of money and major corporate backing.
Just my opinion mind you.
Marc
Don't you people have a sense of humor anymore? christ.
We don't know how bad things are in north korea, but here are some pictures of hungry children. -- CNN
Read The ReflectionEngine, a cyberpunk style n
but you can jump into the IRC chat on irc.kuro5hin.org, channel #kuro5hin. See you there!
Of course, with /., we don't know what goes on in the sub queue, or if/when it's being attacked. It would be interesting to know about this, though there is the copycat problem associated with asking the question.
And I've got to say, /.'s been a great friend of K5 today, shout out to VA as well. Thanks, people. The world may not be perfect, but parts of it are excellent.
What part of "Gestalt" don't you understand?
Scope out Kuro5hin
But here's how I see it, /. is on hardcore equipment, and pays people to run it. If I ran a server (NT jokes aside) that was this unreliable I would be fired in about a week.
How about the odd story that at least tells us what is going on. Just throw something in the quickies like Hey we had some problems due to a mySQL misconfig, here's what happened and why. Not only would this satisfy a lot of us /bitchers, but it may provide a learning experience for all of us using similar tools.
Why did we think public-comment websites would be substantially different from Usenet? The only real social diff here is that Usenet has a much bigger group of volunteers trying to keep it working (cancelbots, etc.). It seems like the experiments in trust-based submission networks haven't given us the best answer yet.
I feel really bad for Kuro5hin. But as a denizen of one of the hotter parts of Usenet for the last decade, it is all eerily familiar, and in these web-spaces there are no killfiles to adjust.
It really is complicated to think about the best methods of moderation compared to traffic levels. I've got a creative writing site that makes group-created cyoa books - right now it's low-traffic enough that I don't need any of these techniques, but I've thought a lot about how to increase it with popularity. The best idea I've had so far is a sort of clustering approach where people vouch for each other - popularity combined with there being an "in" crowd - but that feels a bit complicated to implement for someone who doesn't have a CS degree like myself.
Looking forward to next month when they come live again...
tune
skkkoooonnnggggkkk ptui
Breakfast Cereal Contamination Alert!
Read this if you or your kids eat General Mills breakfast cereal.
Even if anonymous submissions were removed, you'd still have the problem of people registering accounts and posting flames, spam, or what have you. This tends to be fairly common now, so I don't imagine it'll do anything but increase.
Not at all true. Other web based forums rely upon a valid E-Mail address that the user must be able to reply from in order to register. One that I know of that remains quite busy has the additional restriction of not allowing you to use free services, such as hotmail or yahoo. With such a system in place, you can actually make those bans stick.
True, even in this case there are ways to get around the system, but it requires a lot more work for the average spammer.
The line must be drawn here. This far. No further.
Of all people, I wouldn't expect you to be one to say: We should do something. If there's anything that's consistent in your articles, it's that you advocate action, even if you don't succeed. You've always been one to stand up and do something if you believe in it. I'm pretty disappointed...
kwsNI
Hey, we're a community, right? And aren't community members supposed to help each other out in times of need?
Absolutely. This is what we need to be seeing. I am personally going through some pretty tough times, and it has been the support and assistance of my friends and my community which brought me through it. I am not a K5 reader, but it made my blood boil to hear about how someone tore them down.
I'm especially impressed that VA Linux is donating machinery to help. This is a time when we have to help one another out. So that, a year from now, the script kiddie is in jail or paying off a fine, while K5 is as strong as ever.
Blogs and discussion sites give people tremendous freedom. But things like this are a reminder that unless exercised responsibly, freedom is short lived. Sites which are constantly abused end up, if they survive at all, locked down, restricted and paranoid.
Anyway, for all those who can't wait, basically, I appreciate all your support a whole lot. A bunch of people have offered various things, from hardware to bandwidth to security services, and they are all appreciated. I'm just trying to get on top of the whole situation right now, but I will get back to everyone who wrote. This community rocks, and is the reason I'm "bitter and hopeful" now rather than bitter and depressed. Thanks all.
--
There is no K5 cabal.
I am not the real rusty.
k5 and /. were never enemies. It's some sort of rumor. Don't spread it any more. /. has given tons of help in getting k5 back up and running, by donating servers and expertise. So /. is a great help. Don't say that there is some feud or that they hate us. They don't.
What pains me is that the Three Big Weblogs (TBW) have portions of the solution. Slashdot has filtering tools. K5 has a good moderation system. Advogato has a good membership vetting system. However, the pieces need to be put together. Having them on separate systems doesn't quite cut it.
What part of "Gestalt" don't you understand?
Scope out Kuro5hin
What part of "gestalt" don't you understand?
Actually if /. is going to emulate K5 they should start by banning ACs.
DrLunch.com The site that tells you what's for lunch!
Here: roblimo actually ordered Inoshiro a pizza, because he hasn't eaten yet today. Roblimo's in MD, Inoshiro's in Canada. That, I think, is above and beyond the call of duty. The conspiracy theory is not true, no other discussion is necessary.
--
There is no K5 cabal.
I am not the real rusty.
It's like how good friends mock each other and pick on each other, etc. K5 and /. do that. K5 constantly puts up things like "at a certain other discussion site" and so forth.
--
Ben Kosse
Remember Ed Curry!
My bad, wasn't trying to offend. When I originally posted this there were several highly moderated posts that were playing up the slashdot vs kuro5hin angle. Such as this one, this one and this one.
Since they've all been moderated down, my post seems weird out of context. There were also several sub-level posts that played this angle up but I don't have time to find links to all of them. Frankly, several people on K5 do try to play up the Slashdot vs. kuro5hin angle more than you do. I simply remembered your name and that of fluffy grue. Probably because you both troll or have trolled slashdot.
PS: I like Jon Erikkson, keep it up.
Unfortunately, it takes more than great code to make a great site. You could have perfect code, incredible features, but if you don't have an active audience and interesting content, your site *will* fail.
I am in an opposite position than you are; I have an audience, I have content, I have a server that can work for the time being, but I have no code. And most of all I lack the experience to prevent attacks like this one on k5 from happening to my site or even the knowledge of what to do if my site were to be attacked. Thus it is a liability for me to put up a site like k5.
I've gone on too long on this tangent, but let me reiterate that it takes both sides of the equation to make a site really work.
Cold and empty place
Where kuro5hin used to be.
Fuck you, skr1pt k1ddi3z.
(Can one say fuck in haiku? I hope so...)
--
The idea is more to put the fear of being caught into the mind of the troll.
I'm really, really serious about the reward. I will pay it, and I will consider paying some/most of it for any information leading to getting him at least kicked off his ISP.
"Howdy. I've been reading k5 for a few months now, and I was really getting to enjoy it. Not just the site, but the community of people that read and posted there. Needless to say, I was saddened to find that k5 has been brought down by script kiddies. I'd like to do something to help, but I probably can't offer anything in the way of coding skills that you guys don't already have. Thus, I was wondering if I'd be able to send you guys some sort of monetary donations, to be put towards higher-end hardware or better net connectivity or whatever. The only other person I've talked to about this is interested in donating as well.
Hey, we're a community, right? And aren't community members supposed to help each other out in times of need?"
This pisses me off. Thanks to these 31337ers, I now have to go a whole month with no kuro5hin. What's sadder, is that kuro5hin is now getting so much publicity that it'll probably turn into another Slashdot, with firstposters, natalies and penis birds.
On a related note, what's up with Slashdot tonight, it seems slower than ever... Hello, am I reaching?
--
"Oppression and harassment is a small price to pay to live in the land of the free." -- Montgomery Burns.
In case you are a bit confused at this point, Dylan Griffiths' K5 nick is "Inoshiro", not "Iroshiro". Sorry, Emet. Erm, I mean, Emmett :)
I sent a $20 donation to Rusty Foster (Kuro5hin.org's founder) with PayPal using the rusty@intes.net address listed in the WHOIS servers as the contact for kuro5hin.org. He has replied to me in email, so I know he received it. (He replied from rusty@kuroshin.org, which I almost used in the first place.)
Here's the message I included along with the money:
Anyone else care to join me, and show that their all-volunteer efforts really are appreciated?
Deven
"Simple things should be simple, and complex things should be possible." - Alan Kay
i don't understand animosity of this sort against k5. as the k5 guys said, it really proves nothing to take down k5.. the scoop software is written with the assumption that the community will make the site what it wants to, and so it allows the things that were exploited. it would be different, though no less moral, if the attackers were exploiting some bug in the software.. but they weren't.. it is just destruction for the sake of destruction.. and if you're going to destroy like that, there are many better places to do it.
flood ebay with crappy auctions.. flood amazon with fake orders.. flood hotmail with fake accounts sending gigs of email to each other... i'm not advocating these things, but if you're going to do destruction for destruction's sake, pick something better than k5.
wish
---
Slashdot for one, need to make a clear definition as to what's right and what's wrong.
Are you volunteering to lead this crew of Thought Police? What criteria do you propose we use to excise subversive posts--shall we use strict legality according to current U.S. law? What about the international audiences /. and k5 enjoy? What about unjust laws? What about ambiguous areas of law? Do you really believe that ideas in a discussion forum should be censored solely because they do not fit with your definition of right and wrong?
Part of the charm of Slashdot and k5 is that these sites don't discriminate among its posters' ideas beyond the moderation imposed by its own readers. For example, if you are on the side of the RIAA in the Napster debate (and many /.ers are), then nobody will stop you from posting pro-RIAA essays. In fact, if your post is thoughtful and interesting many moderators will moderate you up if only to stimulate an interesting discussion. Most of us who read /. and k5 are quite capable of making moral and ethical decisions for ourselves and we are in little need of sanctimonious censors.
Speaking of /. as a single entity with a single voice is inaccurate. A better characterization is one of a community of people with a shared interest in a collection of related topics. While many attitudes are shared by a plurality or even a majority of /.ers ("Microsoft sucks," "The Matrix was a fun, if silly, movie," "Jon Katz makes up too many new words."), opposing opinions can always be found within the Slashdot community. (Well, perhaps not with the Jon Katz word-coining issue).
Most of the times, we are so hard to identify what's right or wrong.
That's because most of the time one cannot so narrowly determine the "rightness" of a given idea. Privacy is both right and wrong depending on circumstance and the value system of the one assessing its rightness. Copying software or music is both right and wrong--even the strict U.S. legal definition of "fair use" is a gray area. In fact, the continued existence of nuclear weapons is both right and wrong. (Is keeping an arsenal of weapons of mass destruction necessarily "wrong" if the weapons are never used, if total war is prevented by MAD, and if much human suffering is thereby circumvented?) In my mind the most interesting discussions are those where moral ambiguity arises. If I want someone else to make all these decisions for me, then I can just tune in to Rush Limbaugh.
Now, poor security shouldn't be tolerated but I'm not going to DoS someone because they were cracked. The only thing those sys admins should get is an e-mail telling them they've been owned.
kwsNI
But here's how I see it, /. is on hardcore equipment, and pays people to run it. If I ran a server (NT jokes aside) that was this unreliable I would be fired in about a week.
How about the odd story that at least tells us what is going on.
Could it be because slashdot is tired of calling attention to the myriad DDoS attacks they get weekly?
When rusty first mentioned the DDoS attacks on kuro5hin, a lot of us suggested not giving the spammer coverage so as not to feed his ego, because we'd seen how that made slashdot more of a target. I guess we were wrong and that didn't help. Of course, rusty and Inoshiro threatening to contact the law may have also pushed the spammer over the edge.
I know, you're thinking, "but Fox shows Simpsons reruns every hour where I come from", but some backwards affiliates have cut down to showing the Simpsons only 11 (or even as few as 6!) times per week.
So don't be silly; the cracker was probably working from another timezone where the Simpsons had already ended or hadn't yet begun. I mean, just because he's an immature criminal vandal doesn't mean he's a complete monster!
Fine, thanks.
Doesn't this leave an incredibly detailed 'IP' trail? I'm not a networking person, unfortunately, but once you have found, say, 10 cracked boxes, if you leave them 'on', can't you use them to trace? Of course it isn't simple, owing to scripts, and multiple levels of cracked boxes... but the more smoking guns, the more evidence, isn't it?
This entity also had to be doing it in pretty real time, since they could switch boxes so fast after being banned. Of course, perhaps there could be scripts to handle that too, I dunno. Anyone care to speak up?
Bye!
GPL Deconstructed
Unfortunately too, the sites that are the most likely to be hit are ones where the creators and admins actually care about the site and pay attention to the community. Notice how no one talks about ZDNet discussion board trolls? It's cause no one cares, and the ZDNet people couldn't give a fuck if people trolled them or not.
I hate to sound bitter, but after seeing sites I have run suffer the same kind of sabotage as this I have to say it: people online are often inclined to be complete and utter assholes, and the only people it hurts are the ones who CAN be hurt because they care.
See the "..for smart people" banners Wired runs here? Look elsewhere guys.